Online Data Breaches: Bigger, Faster & Costlier

In early August, Hold Security reported that Russian hackers had made off with over 1.2 billion username and password combinations as well as over 500 million email addresses, making this the largest data breach in history. In actuality, 4.5 billion records were stolen, but since many people have multiple passwords and usernames, it came down to 1.2 billion unique users. A post on the company’s website points out that there are roughly 2.9 billion Internet users worldwide, so “the chances are you or someone you know was hacked.”

According to Hold Security, some 420,000 websites were targeted, ranging from some of the biggest companies in the world to mom and pop operations. However, the company will not publicly disclose the list, as many of the sites are still vulnerable. Instead, Hold Security has been reaching out to the victimized firms to alert them of the breach. The company is also trying to come up with an online tool to help individuals see if their personal information was compromised.

If it sounds like massive data breaches such as these are getting bigger and happening more frequently, you are right. Hold Security is the same company that identified the data breach at Adobe Systems last October, which exposed the customer IDs, passwords, and credit and debit card information of 38 million people. It also identified and tracked the Target Corp. (TGT) data breach in December, which led to the theft of 40 million credit card numbers and 70 million addresses, phone numbers and other pieces of personal information. Also, last October an identity theft service in Vietnam obtained 200 million personal records, including Social Security numbers, credit card data and bank account information, from Court Ventures, now owned by Experian.

These data breaches are also becoming more expensive. According to a joint study published in May by the Ponemon Institute and IBM, the average total cost to a company for a data breach is up 15% from last year, to $3.5 million per breach.

If there is a silver lining to this latest Russian breach, it is that so far it does not appear that the data is being sold on the black market. Instead, the hackers appear to be using the stolen information to spam social networks on behalf of other groups. While the hackers collect fees for this type of work, selling the information on the black market would be much more lucrative.

A compromised credit card can be canceled, but stolen personal information such as Social Security numbers or passwords can be used for identity theft. Hackers bank on people using the same credentials for different sites, so they test the stolen usernames and passwords on websites such as those of banks and brokerage firms, where much more valuable information is stored.

Despite the best efforts of companies and security professionals, it is becoming more and more difficult to safeguard personal information on the World Wide Web. According to Lillian Ablon, a security researcher for the RAND Corporation, “The ability to attack is certainly outpacing the ability to defend.”

It appears that it is becoming a matter of when, not if, a consumer will have their personal information stolen via a data breach. So, in the face of breaches such as these, along with news of underlying vulnerabilities such as Heartbleed, what are consumers doing to protect themselves? Sadly, it seems to be not much.

New data from CardRatings.com shows that Americans underestimate the likelihood of being a victim of a breach and are not taking the correct steps to secure their finances even after a known attack. According to the survey, fewer than 52% of respondents even looked at their credit card statement after their information was compromised, while just over 45% checked their credit report.

Hackers and thieves rely on the complacency of their victims to capitalize on the stolen information. Based on this survey, it’s not surprising that the thieves are winning.

Best of the Web

This month we continue building our list of sites that the editors and staff here at CI view as being “the best of the Web.” This time around, we are highlighting eight sites that offer the best collections of news and analysis for individual companies, sectors and industries, as well as the U.S. and global economies. While these are the sites we deem to be on the top of the heap, any “best of” list is somewhat subjective. We are interested in hearing your feedback about the sites you use for these different categories.

Burn Rate

If the current trend holds, 2014 will be the most robust tech IPO (initial public offering) market in several years. While it is not even close to the rush to market of Internet firms in the late 1990s, interest in tapping into the equity market is peaking, undoubtedly fueled by the run-up in the stock market. Many firms setting their IPOs are in the early stages of the business life cycle, where cash is vital to a start-up hoping to become a going concern. Most companies never make it out of the development stage because they are not able to secure enough cash to allow them to cover costs before they start generating money from their product or service.

So, when evaluating new publicly traded firms, it is a good idea to analyze the cash levels and the rate at which cash is consumed. For companies with negative cash flow, you can determine a “burn rate” to gauge how long the company can operate before it may require additional outside funding, either via a debt or equity issue. My Tracking the Tech Sector article this month discusses multiple ways to evaluate a company’s cash burn rate as part of your analysis.

Discussion

Sy Richards from GA posted 7 months ago:

If you think this is bad, you ain't seen nothing yet. As part of the new Obama Health Care Act, all doctors' offices MUST digitize all of their paper records and maintain them on their computers. Failure to comply will result in stiff penalties. Goodbye to keeping patients' records confidential in manila folders. Those days are gone forever. And any expectations of privacy are gone forever. The hackers are in charge. Along with our various alphabet soup of government agencies.